Printable Version of Topic

Click here to view this topic in its original format

Free Software _ Help, Hints, Tips & Tech Stuff _ System Restore Is it a good thing or a bad thing?

Posted by: James (Jim) Hillier Apr 25 2010, 11:19 PM

I do get fed up with so called ?experts? continuing to demean the use of System Restore to overcome minor PC issues. I have just visited a help forum where one of these ?experts? informed a newbie poster, who was soliciting advise on how to fix a Windows update which had not installed properly, that System Restore would most likely ?screw up your Vista PC even further??..that is, in my opinion, very bad advice.

Regardless of what the ?experts? believe, the fact remains that System Restore is the number one solution for ?average? users when they are experiencing minor issues with their PC?s.

Some salient points re System Restore:

1) System Restore is not a fix, it is a work-around and as such should be the last resort rather than the first port of call. Always try to ?fix? the problem first and if all else fails then go to System Restore.

2) System Restore in XP is somewhat iffy, no doubt about that but the feature is much improved in Vista and Windows 7. The likelihood of System Restore ?further screwing up a PC? (in Vista/Windows 7) is extremely slim.

3) System Restore should always be initiated from within Safe Mode.

4) System Restore should not be used to help rectify problems caused by malware infections.

System Restore has helped me out on many occasions and I have no doubt it has also done the same for many of you.

That said; System Restore is certainly far from the ultimate solution. That prize must go to creating full system image backups via imaging software. But, as a simple solution, for minor issues which cannot be overcome by other means it can be, in my opinion, an invaluable resource.


Posted by: marko Apr 26 2010, 07:50 AM

I think the reason many dislike system restore Jim is most probably because of the risk of viruses, or rather the potential for a virus to harbour itself within system restore. I've lost count of the amount of times I've heard people say they have used system restore after their PC became almost unusable and system restore did nothing to help it. This was because when they contracted a virus, the sytem restore then began backing up the virus also, meaning each time they attempted to restore their machine, they were simply restoring the virus as well!.

System Restore most definately has it's uses, but when dealing with viruses it's always recommended to flush the system restore (turn it off basically) before attempting to deal with the infection, this way once the machine is clean there is no chance of the system restore re-infecting the machine. For everyday use, system restore is a great addition to an external backup solution, but some rely soley on it which means when the hard drive fails everything is lost. With the cost of external media coming down day by day, it's never been a better time to get into the routine, even if it is only to backup a few word docs or your browser favourites!.

Posted by: James (Jim) Hillier Apr 26 2010, 11:12 AM

Hey Marko - Good points as always mate.

However I was not suggesting anyone use System Restore to combat the adverse affects of malware infection, nor would I ever advocate that.....I did say (in my original post) "minor PC issues".

On the forum I was referring to, a newbie member was soliciting advice on how to fix a wonky Windows know mate, one of those that doesn't quite complete installation and just keeps going round and round in a viscous circle. That's the sort of situation I was referring to, probably my fault as I should have made it clearer.

BTW Marko, Just a point of order:

but when dealing with viruses it's always recommended to flush the system restore (turn it off basically) before attempting to deal with the infection

I know that is often recommended but it is totally incorrect advice. One should never delete the System Restore points before attempting to deal with should deal with the infections first and then delete the Restore points afterward.

If you think about it mate, you will realise the reasons why.


P.S. I've now edited my original post to help clarify.

Posted by: marko Apr 26 2010, 12:26 PM

Hmm, you've puzzled me slightly Jim, if we're going to delete the system restore anyway I'm struggling to work out why it would matter when we do this. Only thing I can think of is that when we flush system restore, the files are not actually deleted, as with most 'deleted' items, they're not actually deleted but instead kept on the disc until they are overwritten, but I've not actually thought much about that and couldn't say whether this would still pose a risk or not, apart from that I can't think of any reason to keep the restore until we've scanned it - unless you know of a reason that is?

Posted by: James (Jim) Hillier Apr 26 2010, 01:23 PM

Okay, this is why I reckon it is bad practice to delete restore points prior to cleaning malware:

Any malware cleaning job can be a pretty dangerous mission, especially in the wrong hands (if ya know what I mean). We had a case on the DCT forum very recently where, after a scheduled scan, a certain security app flagged some harmless files as part of a rootkit infection. The member just deleted everything reported by the program (false positives and all) and ended up with a worse mess than he thought he had in the first place.

The trouble with deleting all restore points before commencing the cleanup is that if things go wrong (and they can and do) there is nowhere left to go!

If during a cleanup things do go wrong, at least with restore points left intact you will be able to go back to the starting point. Start from scratch, malware and all...and this time, after learning from your mistakes, do it right (hopefully).

On the other hand, I can think of no good reason why you would need to delete the restore points before cleaning.

That's why my advice is always; clean first and once you are sure (or as sure as one can be) the active malware has been successfully eradicated...then delete all restore points.

Hope that makes sense to you mate,
Cheers now....Jim

Posted by: marko Apr 26 2010, 02:11 PM

I can definately see the sense in that Jim, but I'm probably over cautious when it comes to infections, I'll try my best to clean it but depending on what has gotten in it's sometimes best to wipe and start again. Of course, that's easy for me to say because I backup all my data, etc, so it would potentially be easier and sometimes quicker for me to simply do a clean install and just restore everything back. This is obviously not the case for others, particularly home users who would rely heavily on their machines and couldn't afford to loose their data (backup backup backup as we say!!!)

I've seen grown men cry when they've had to loose 5 years worth of data because they didn't backup and their machines were useless, to the point they were unresponsive and took hours to startup alone, not a pretty sight!.

Posted by: James (Jim) Hillier Apr 26 2010, 03:52 PM

Yes mate, all spot on of course.

Many experts agree, once a machine has been infected it is nigh on impossible to be 100% certain you have eradicated all traces of malware. Except, as you say, wipe the drive clean and start over from scratch.

Mark, why don't you use imaging software? A full system image is the ultimate backup. If disaster strikes, just wipe the drive (in the case of malware) and restore the latest re-installing all your programs, no re-configuration and no lengthy updates. You're back up and running again in no time.

Cheers mate....Jim

Posted by: marko Apr 26 2010, 10:48 PM

When I was at my XP peak Jim, I created an auto-install disc which not only automatically installed the operating system precisely the way I wanted it, but then also installed all my apps - needless to say this had to be put on a DVD but normally the entire install process would take something like an hour or so. Never did get round to configuring the same for Vista, or more appropriately for me now, Windows 7. That was the reason I preferred to do an install rather than imaging, although in my early years in IT I remember the good ole Norton Ghost and sysprep which worked well most times - maybe I'll get round to doing an automated disc for Windows 7 sometime soon and share it with the members

Posted by: James (Jim) Hillier Apr 27 2010, 02:54 AM

Sounds like something which would be very useful and most welcome mate.

I do, more or less, the same thing with imaging software.

After a clean install, I download and install all my usual programs, configure everything and make sure everything is up to date. Once I'm happy everything is in place and just the way I want it, I then create and save an image.

Now if anything ever goes drastically wrong I can just restore that image and have everything back. Much better than just doing a clean install (or restoring to factory settings), saves hours of downloading and setting it all back up again from scratch.

Cheers mate....Jim

Powered by Invision Power Board (
Invision Power Services (